1. Update & Upgrade
# Refresh the package lists and apply pending updates before installing the VPN.
sudo apt update && sudo apt upgrade -y
# Reboot so that an updated kernel, if one was installed, is the one running.
sudo reboot
2. Install WireGuard
# Installs the WireGuard tools used in the following steps (wg, wg-quick).
sudo apt install wireguard -y
3. Enable IP Forwarding
Edit /etc/sysctl.conf and add (or uncomment) the following line:
net.ipv4.ip_forward=1
Apply:
# Reload /etc/sysctl.conf; confirm with `sysctl net.ipv4.ip_forward` (expect 1).
sudo sysctl -p
4. Generate Server Keys
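# Generate the server key pair in the current directory.
# The subshell sets umask 077 first so that privatekey (and publickey) are
# created readable by the owner only; with the usual default umask, tee would
# create privatekey readable by every local user. The umask change does not
# leak into the calling shell. A pre-existing privatekey keeps its old mode.
(
  umask 077
  wg genkey | tee privatekey | wg pubkey > publickey
)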
5. Create wg0.conf
# Save as /etc/wireguard/wg0.conf (the file wg-quick@wg0 reads), owned by root
# with mode 600, because it contains the server's private key.
[Interface]
# Contents of the privatekey file generated in step 4; never share or commit it.
PrivateKey = <YOUR_PRIVATE_KEY>
Address = 10.0.0.1/24
# UDP port the server listens on; clients connect to it via their Endpoint.
ListenPort = 51820
# wg-quick rewrites this file from the live interface state on shutdown, so
# edits made while the tunnel is up (and these comments) are overwritten.
SaveConfig = true
[Peer]
# Client example
# Use one [Peer] section per client, each with its own key pair.
PublicKey = <CLIENT_PUBLIC_KEY>
# Only packets with this tunnel source address are accepted from this peer.
AllowedIPs = 10.0.0.2/32
6. Start & Enable
# Bring the wg0 tunnel up now.
sudo systemctl start wg-quick@wg0
# Start the wg0 tunnel automatically on every boot.
sudo systemctl enable wg-quick@wg0
7. (Optional) NAT with iptables
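# Rewrite the source address of traffic leaving via eth0 so VPN clients can
# reach the Internet through the Pi. This is needed for the full-tunnel client
# config in step 8 (AllowedIPs = 0.0.0.0/0). Replace eth0 with the actual
# outbound interface (see `ip route show default`).
# NOTE(review): with ip_forward=1 and a default-ACCEPT FORWARD chain the Pi
# forwards between all of its interfaces; consider restricting FORWARD to
# wg0 <-> eth0 traffic.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Persist the rules. The write must run as root: with
# `sudo iptables-save > file` the file is opened by the unprivileged shell, so
# writing under /etc/iptables fails. /etc/iptables/rules.v4 is the file the
# iptables-persistent package restores at boot; install that package first if
# the directory does not exist.
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null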
8. Client Config
[Interface]
# Generate this key pair on the client itself so the private key never leaves
# the device; only the public key goes into the server's [Peer] section.
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/24
[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
# Placeholder: the server's public IP or DNS name, plus the ListenPort from wg0.conf.
Endpoint = your.pi.public.ip:51820
# Sends all IPv4 traffic through the tunnel (requires the NAT rule from step 7).
# IPv6 is not covered by this entry, so IPv6 traffic would bypass the VPN.
AllowedIPs = 0.0.0.0/0
# Sends a keepalive every 25 seconds to keep NAT/firewall mappings open.
PersistentKeepalive = 25
9. Verify
# Shows the interface and its peers, including each peer's latest handshake
# and transfer counters; a recent handshake means the tunnel is working.
sudo wg
# Confirms that wg0 exists and carries the address set in wg0.conf.
ip a show wg0